When we are talking about an online virus scanner, from a security perspective, we can talk about two options. The first option is using an online virus scanner to scan our computer for viruses and other threats. The second option is to upload a suspected file to a web site that contains a scanning service. This site will scan the upload file to check if the file is a known type of malware.
Let’s expand on each of the options for better understanding.
Online virus scanner – scanning your computer:
Another day had passed, and as usual, you are sitting in front of your computer. Log into your desktop to start doing whatever you do with your computer. You are aware of computer security and have a password. Even a good one that contains capital letters, small letters, numbers, and even a special sign. As you log in, you see that your antivirus shows you a nice small message that it had been updated and new files were downloaded. It is fully functional all is green. You are starting to press on some buttons with your mouse and you get a feeling that something does not function as it used to function the last time you work on your computer.
This is an example of a known behavior that may imply that your computer is infected with a virus, and yes it can happen even if you have an installed up to date antivirus on your system.
The antiviruses vendors:
As you probably know, there are a lot of antiviruses vendors, each one had its arsenal of antiviruses products. Most of the time, there will be a free antivirus, for home users. With all the basic options, including the following:
- Real-time monitor.
- File and memory scanner.
- Option to schedule a daily or weekly scan.
- Automatic updater.
- A web scanner or blocker, to check if the site you are about to enter contains a malicious code in it.
There are some other versions of the anti-virus, mostly name professional, or premium. That costs money, in most cases, but include support and some more features that can help you and make your life more secure on the aspect of viruses.
One of the features can be using a cloud so that in the case of a file with suspicious behavior is found on one of the computers, that connecting and using the cloud. It can be globally over the world.
The antivirus uploads this file, scan it with an online virus scanner or by manual analysis. If it marks as a virus it can be alerted to all the other clients. Using the cloud to automatically block it and in a case that it is found on other systems block them also.
In our case, we are talking about an online service that can scan your computer, if we take a look again on a normal anti-virus that has to be install on our computer and to download all the updated virus definition, in online virus scanner, you have to upload the file for the scanners engines to scan it.
What is the definition file?
A virus definition file is the signature database that the antivirus tool is loading when it scanning. Most of the file definition contains a signature that represents the malware. It includes the virus name or type, the virus size, common virus family code, and some more information about the virus, that will help the scanner determine if the files contain a virus.
How does an online virus scanner work?
When you get into an online virus scanner site, you have a button to start the scanning, but before the scanning starts the site asks you to download and install a small and lite file. This file can be an ActiveX (OCX base file extension) that can be installed into your web browser. It will be used to start downloading the antivirus needed files and run (execute) other small components, like the scanner itself. A EULA (End User License Agreement) will popup and the last definition file will be downloaded, which contains the newest viruses database.
Once all the necessary files had been downloaded the scanner can start to run and start scanning your system trying to find viruses on your system.
Is it safe?
As I mentioned above, most of the online virus scanner are services that supported by known anti-viruses vendors. I can say, if you trust the antivirus vendor, you can trust its online scanner tool. It is safe to use, and I am also recommended using an online virus scanner even if you have an antivirus installed on your computer.
This can be a second opinion by another doctor without the need to actually go to the doctor aka install and configure the antivirus. Most antivirus will not work with another one, so without the need to uninstall the other antivirus that already installs on your computer.
So why do I need to install an antivirus?
There are 6 main reasons that I think it is recommended to use an online virus scanner from time to time, and here they are:
- Second opinion.
- Does not involve in the installation and uninstalling of software from your computer.
- It can be reached from anywhere that has an internet connection.
- It can be used freely.
- Does not involve in registration forms and so on.
- Lite in size.
But if it online why do I need to download files?
After all, you need to run the tool, and it needs to have a good and updated virus definition file. To have all that, you must download some small files and the definition file to run and scan your computer. Also, the files that need to be scan are on your local disk. To have access to the local disk from the web browsers. It must use a type of file that are allowed to use in order to get access to the file system. This is due to the fact that you do not want every site to be able to inject its own tool into your computer automatically.
Online virus scanner – uploading a suspicious file:
Yes, the download is finished and the file was laying on your hard disk, on the downloads folder. Waits only for you to open it. This file was recommended to you by your friend. Using one of the messaging applications installed on your smartphone. You are thinking to yourself, today when I get home I will sit near my computer and open this newly-downloaded file that I was waiting for.
As you get home, opening your computer and enter your folder, you see that there is more than one file in the Downloads folder, there is also a small icon with a nice word like/pdf, zip or movie file, that you are not familiar with. What is my next step…
Oh, emails…emails, so old but yet still so in use, ok, so you open your email account, and after you press the send and receive button on the seventh time you only have about 100 new emails in your inbox and as always a lot of others in your spam folder. We all know that emails in the spam folder must be deleted ASAP.
So you enter into the spam folder and take a quick look to see if the spam filter accidentally marks an important email as spam and luckily you, your spam filter works great and your spam folder contains only spam messages. The next step is to delete them.
Well the fun time is over and now we need to go into the inbox folder and start reading our emails, and then you see an email with an attachment. Well, the sender looks like one of the sites you know, or register on. The information, especially the information about you looks right, first name, last name, title, and even the phone number. So it is probably another legit email from the site. The attached file is a pdf file, so it must be a document with more information that relates to me form the site,
What is my next step…
In scenario one, I guess there is two common option, delete the file (or more right will be to say, move it to the recycle bin) or use our mouse and press the file to see what it is.
In scenario two, most of the people out there will open the attached file to see/read its content.
What is my next step?
Looking on every file that you download from the web as a suspicious file is a bit to become paranoid. Some of the files, especially on an email that you are not 100% sure about their origin. And on file that looks like they appear out of nowhere on your computer. Especially on a folder that involves P2P software. It will be good to do some extra checks on the file. Doing it before opening it.
An email attachment is recommended to download it to your computer and not to automatically open it from the email. This is also recommended on files that are downloaded from the web. Do not use the run or open them once they finish downloading. Use the open folder, or manually navigate to the file folder.
You can for start, run your antivirus on the file to extra check that the file does not contain a virus. You can use an online virus scanner that uses multi antiviruses engines to check the file. This can give you a nice report about the file from all the vendors. Also, this can give you a more reliable answer if the file that you have is any type of known malware.
Why do I need it?
An online virus scanner that scans a file using a multi-vendor antivirus engine is a great tool that you can use to scan any file to get several “experts” that can tell you if the file contains any type of known threats. The services are free, most of the time, and only involve you to upload the file to them.
Think about the following:
- An online virus scanner is free.
- They are fast.
- It gives you an answer base on some vendors.
- In case of a new threat that was managed to discover by only one of the vendors. Helpful in future use.
- No need for installation.
Based on the fast spreads of threats, vendors are working really hard to keep up with new threats. By updating their engines and their definition files. If you take this power and combine it into one online service. That is based on a list of known antivirus vendors. You have a great tool that can be used over the globe to discover new threats on automatic. With the option to update the vendors.
After all most of the threats are contains code sections that can be discovered as a problematic section by one or more vendors. This can be done even if the vendor does not familiar with the full file. This is due to the malware family. AKA same malware code is used for several malwares.
How does it work?
There are some sites that contain this service, the big one Virus Total, it can scan local files and web URLs to check if they contain any signs of a virus.
As an antivirus vendor, I want to prove that my engine is the best, so if I can I will add it to a site like this one, and keep it updated to catch all the threats that it can.
I will gain from it some exposure to the market, some extra tests that people will upload files to check the engine, and new potential threats that the site will collect each day. As a vendor, this can help me to improve my definition file.
Vendors will try to add their antivirus engine to the site. The next thing is, the site will give the user an option to upload a file to the site. This way all the engines that the site has will scan the file and create a report about the file. The next step will be to show the user a nice report with information about the uploaded file. The site also collects samples of new files and malware that can be helping the vendors with learning on new threats.
Digital File signature:
A digital file signature is an algorithm that runs on the file. Re: open the file, read it and for each bit from the file creates a signature, a one way signature for the file that will represent the file. This signature will be unique for that file only. Keep in mind that changing the file name does NOT impact on the signature of the file. Only a change in the file data will affect the signature. This signature may be referred to as a file hash signature.
Examples of hash signatures that can, and use, to represent a digital file signature are MD5 and the SHA algorithms. You can read more about digital signature and/or the MD5 or SHA1 on the web. Just use your favorite search engine to find information about them.